Security concern with popular, home-based, Internet routers

Independent Security Evaluators, a Baltimore-based security firm, stated that 13 Internet routers sold for home use were vulnerable to attack if the hacker had network access and could obtain the username and password of the router.  These routers include:

  • Linksys WRT310v2
  • Netgear’s WNDR4700
  • TP-Link’s WR1043N
  • Verizon’s FiOS Actiontec MI424WR-GEN3I
  • D-Link’s DIR865L
  • Belkin’s N300, N900 and F5D8236-4 v2 models

Basic suggestions:

  • Check to see if your home-based Internet modem/router is named above.  If so, check with the manufacturer to ensure that all security updates have been applied.
  • Change the login credentials using a complex password.  (Please review the article “Simple passwords = disaster” in our January 2013 Bryley Tips and Information.)

 

See “Popular Home Routers Contain Critical Security Vulnerabilities” by Jeremy Kirk at ComputerWorld.com for the full story.

The (near-term) future of computer technology – Part 1

The crystal ball is somewhat cloudy, but here are my thoughts on user interfaces and their adoption.

User interfaces on computing devices

Alphabetically, these are the practical computer-interface options we know today:

  • Heads-up Display (HUD) – Military displays have been based on HUD technology for decades.  The basic concept is to provide see-through information that is available within the area of vision without the need to look around.
  • Motion sensing – Motion allows the user to direct through body motions; you can lump the joystick and mouse in this category, but, preferably, Motion is done without manipulating a physical device.
  • Projection – A key component of HUD, it could enhance or replace displays, especially on mobile devices that can be difficult to read due to their small size.  Projection, combined with Motion, will get interesting when you can gesture within a larger image projected onto a nearby surface.
  • Speech recognition with text-to-speech or TTS – Older technologies (a blind friend has had both since the late-80s), but computer processing is now robust enough to support Speech for mainstream use.
  • Touch displays – Touch has been around since the early 1990s, but it wasn’t until a few years ago that manufacturing costs of touch displays decreased to assist with the widespread adoption of mobile devices.  Touch simplifies the user interface by removing the need for separate keyboards (and mice), but generally mimics the function of a keyboard when inputting significant amounts of text.
  • Type – I’d define this as old-school typing on a separate keyboard, usually with a mouse to assist; can’t seem to get rid of this one since it is so inexpensive and since most (all?) computers still support its use.

Some examples with their approximate costs:

  • Google Glass – Combines HUD with Speech in an eye-glass format; $1,500.
  • Microsoft Table – Touch with Projection on a table-top surface; just $8,400.
  • Nintendo’s Wii – Maybe not so new, but Motion for game consoles that was revolutionary in the mid-2000s; about $130.
  • Keyboard plus mouse – Older than dirt, but you can get both for under $15.

Adoption of user interfaces within the generational divide

In terms of adopting new interfaces, I think that much depends on your age group:

  • Younger folk (less than 30 years old) take naturally to the newest and fastest; they’ll still Type via Touch (reluctantly, usually by abbreviating wherever possible), but HUD, Motion, and Projection are their future.  (Not quite so sure about the use of Speech in this group; do people under 30 talk to others on their phone or do they only text one another?)
  • Mid-range (call it 30 to 55 years old) people can adapt, but it gets tougher as you advance (age-wise) within this group.  I figure these folk Speak, Type and Touch, but would be willing to migrate to other options if they are easy to deploy and inexpensive to own.  Full-size keyboards and mice will remain (and, hopefully, die) with this group.
  • Older (over 55) folk are less adaptable, but can cope with current technology.  Switching platforms is a challenge, even if the interface is conceptually easier to grasp and use.  Some can learn how to use other options, but I suspect most will stay with what they know: Touch and Type.

From my experience:

  • I have had computing experience since high school.  While training my dad on Microsoft Windows, I was struck by the amount of effort required to transfer knowledge; the concepts were tough for my dad, who had no computing background, to assimilate.
  • My son, who grew up with graphic-intensive video games, has a broad grasp of current technologies and flexible fingers; he always looks pained when demonstrating basic touch-screen usage to me on my mobile phone.  (It doesn’t help that I can barely see the screen and that my thumbs tend to stray away from their intended targets, especially in portrait mode.)

Basically, you can teach an aging human a new interface, but it takes some work.

Simple passwords = disaster

The top five end-user passwords from 2012 were:

  • password (yes, the actual word itself)
  • 123456
  • 12345678
  • abc123
  • qwerty (top-left keys on your keyboard below the numbers)

 

The top three in this list, “password”, “123456”, and “12345678”, were also the top three passwords in 2011.  Basic analysis:  Most people prefer simple passwords that are easy to remember and replicate.

 

However, by simplifying passwords, we are making it easy for others to access our online accounts.  As Mike Morel, Bryley Engineer, pointed out: “I just HATE [sic] the fact that passwords need to be more complex and abstract because it is counter-intuitive to (the average) human thought process.  We would all just want to have 1 password for everything…  Something easy to remember.  New techniques, faster computing power, and sheer determination on the part of the bad guys makes that nearly impossible going forward.”

 

According to Wikipedia: “The strength of a password is a function of its length, complexity, and predictability.  Using strong passwords lowers the overall risk of a security breach.”

 

Since they are unpredictable, the strongest passwords are randomly generated and long; these prove to be the most difficult to crack since they do not relate to anything.  However, they are also the most difficult to remember and can be virtually impossible to get end-users to adopt.

 

When creating a non-random password:

  • Add length to the password itself; eight characters are considered a minimum, but passwords of greater length can be tougher to crack.
  • Use both upper and lower-case alphabetic characters.
  • Add special characters (! @ # $ % ^ & * + =) and numbers (1 2 3 4, etc.).
  • Use the upper-case characters, numbers, and special characters within the body of the password rather than at the beginning or end of the password.
  • Do not use anything of a personal nature, such as birthdays or the names of relations and pets.
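
The guidelines above, expressed as a small Python checker (an example added here, not part of the original newsletter).  The function name check_password, the personal_terms parameter and the sample passwords are assumptions made for illustration.

```python
import re

# The five most common passwords of 2012, as listed in the article.
TOP_FIVE_2012 = {"password", "123456", "12345678", "abc123", "qwerty"}
SPECIALS = set("!@#$%^&*+=")   # the special characters the article names
MIN_LENGTH = 8                 # the article's stated minimum


def check_password(candidate, personal_terms=()):
    """Return the guidelines that `candidate` fails (empty list = passes).

    personal_terms is a hypothetical, caller-supplied list of names, pet
    names or birthday digits that must not appear in the password.
    """
    problems = []
    lowered = candidate.lower()

    if lowered in TOP_FIVE_2012:
        problems.append("on the 2012 top-five list")
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        problems.append("needs both upper- and lower-case letters")
    if not re.search(r"[0-9]", candidate):
        problems.append("needs a number")
    if not any(c in SPECIALS for c in candidate):
        problems.append("needs a special character")

    # Placement rule: strip the leading and trailing runs of anything that is
    # not a lower-case letter; what remains is the body. A capital, number or
    # special character must still appear there ("Password1!" fails this).
    body = re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate)
    if not re.search(r"[^a-z]", body):
        problems.append("capitals, numbers and specials only at the start or end")

    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("contains personal information: " + term)
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("password", "Password1!", "riV3r=stoNe&42"):
        print(pw, "->", check_password(pw) or "passes")
```

A password such as “Password1!” satisfies the length and character-class rules yet still fails, because its capital, number and special character sit only at the edges.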

 

See http://news.cnet.com/8301-1009_3-57538774-83/jesus-welcome-join-list-of-worst-passwords/ for an informative article from Steven Musil of CNET News.  Visit http://thehackernews.com/2013/01/the-use-of-passwords-in-technological.html for the hacker’s perspective.  (Editor’s note:  Bryley Systems does not endorse the views nor the content of www.thehackernews.com; we find this site to be counter to the interests of our readers and clients and we urge caution when visiting.)

Cybercrime targets smaller organizations

A recent Data Breach Investigation Report (DBIR) from Verizon notes that 98% of data breaches stemmed from external sources using hacking techniques (81%) and malware (69%).  About 79% of the data breaches were directed at “targets of opportunity”, typically smaller organizations that are vulnerable through an “exploitable weakness”; most attacks were performed using relatively unsophisticated methods.

Of the breaches investigated, 94% involved computer-network servers; 85% took weeks or longer to discover.  Of those discovered, “97% were avoidable through simple or intermediate controls”.

Wade Baker, Verizon’s security research director, told London’s The Inquirer that cyber-criminals target small and mid-sized organizations since larger enterprises are well defended.

Basic suggestions:

  • Scan emails for malware and threats
  • Require complex passwords that change frequently
  • Restrict access-control and review event logs periodically
  • Deploy a physical firewall and maintain/update it periodically
  • Restrict web-surfing, especially on computers with access to sensitive data
  • Install malware-prevention software, update it continuously, and scan often
  • Train employees on proper security policies and common threats

(Note: These are areas where Bryley Systems can help; please call us at 978.562.6077 or email Info@Bryley.com.)

See CSO’s Thwarted by Security at enterprises, cyber criminals target SMBs for comments and suggestions.

 

Visit http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf for the summary.